<?php

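// Password-reset handler: checks the e-mailed reset code for an account and,
// when it matches, stores the new password and clears the code.
//
// ext/mysql (mysql_*) has no prepared statements and was removed in PHP 7, so
// this block uses mysqli with bound parameters; no request value is ever
// concatenated into SQL text.
//
// NOTE(security): the connection uses root with an empty password. Move the
// credentials out of the source file and use an account that can only
// SELECT/UPDATE the `member` table.

// Keep the "returns false on failure" behaviour on PHP >= 8.1, where mysqli
// throws exceptions by default.
mysqli_report(MYSQLI_REPORT_OFF);

$check = mysqli_connect("localhost", "root", "");
if (!$check) {
    die('Could not connect:' . mysqli_connect_error());
}
mysqli_select_db($check, "mydb");

// Only act on a real form submission. Every field must be present and a plain
// string; PHP turns "name[]=" parameters into arrays, which must not reach the
// comparisons or the statements below.
$is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

if ($is_post
    && isset($_GET['code'], $_POST['email'], $_POST['newpassword'], $_POST['newpassword1'])
    && is_string($_GET['code'])
    && is_string($_POST['email'])
    && is_string($_POST['newpassword'])
    && is_string($_POST['newpassword1'])
) {
    $get_code  = $_GET['code'];            // reset code carried in the link's query string
    $get_email = $_POST['email'];          // account e-mail from the hidden form field
    $newpass   = $_POST['newpassword'];    // new password
    $newpass1  = $_POST['newpassword1'];   // confirmation of the new password

    // Look the account up by e-mail and compare the stored code in PHP.
    $code_ok = false;
    $lookup  = mysqli_prepare($check, "SELECT email, reset_password FROM member WHERE email = ?");
    if ($lookup) {
        mysqli_stmt_bind_param($lookup, 's', $get_email);
        mysqli_stmt_execute($lookup);
        mysqli_stmt_bind_result($lookup, $confo_email, $confo_code);

        while (mysqli_stmt_fetch($lookup)) {
            $stored_code = (string) $confo_code;

            // '0' is the "no reset pending" marker this page writes after a
            // successful change, and '' covers a NULL column. Neither may ever
            // validate, otherwise an account without a pending reset could be
            // changed without the e-mailed code.
            // Strict === is required: loose == compares numeric-looking
            // strings as numbers, so different strings can compare equal.
            if ($stored_code !== ''
                && $stored_code !== '0'
                && $stored_code === $get_code
                && (string) $confo_email === $get_email
            ) {
                $code_ok = true;
            }
        }
        mysqli_stmt_close($lookup);
    }
    // NOTE(review): no expiry time or attempt limit for reset codes is visible
    // in this file - confirm both are enforced where the code is issued.

    if ($code_ok) {
        if ($newpass === '') {
            // Two empty fields "match"; do not store the hash of an empty password.
            echo "Password must not be empty";
        } elseif ($newpass === $newpass1) {
            // NOTE(security): unsalted MD5 is not suitable for password storage.
            // It is kept only because the stored format is presumably shared
            // with SignIn.php; migrate both pages together to password_hash()
            // and password_verify().
            $enc_password = md5($newpass);

            // One statement stores the password and clears the code, so the
            // code cannot remain valid after the password has changed.
            $update  = mysqli_prepare($check, "UPDATE member SET password = ?, reset_password = '0' WHERE email = ?");
            $updated = false;
            if ($update) {
                mysqli_stmt_bind_param($update, 'ss', $enc_password, $get_email);
                $updated = mysqli_stmt_execute($update);
                mysqli_stmt_close($update);
            }

            if ($updated) {
                // The closing quote of the href was missing in the original markup.
                echo "Password changed<p><a href='SignIn.php'>Click here to SignIn</a>";
            } else {
                echo "Password could not be changed";
            }
        } else {
            // Request values are URL-encoded for the query string and then
            // HTML-escaped for the attribute before being echoed back.
            $back = 'resetPassword2.php?code=' . urlencode($get_code) . '&email=' . urlencode($get_email);
            echo "Password is not matching<a href='" . htmlspecialchars($back, ENT_QUOTES, 'UTF-8') . "'>Click here to go back</a>";
        }
    }
}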

?>

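<?php
// Values for the form come from the reset link (GET) or, when the form is
// shown again after a submission, from the posted hidden field. They are
// untrusted request data and are escaped for their output context below.
$form_code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

$form_email = '';
if (isset($_GET['email']) && is_string($_GET['email'])) {
    $form_email = $_GET['email'];
} elseif (isset($_POST['email']) && is_string($_POST['email'])) {
    $form_email = $_POST['email'];
}
?>
<!-- The original action contained the literal text $get_code because it sat outside a PHP tag; the real code is now emitted. -->
<form action='resetPassword2.php?code=<?php echo htmlspecialchars(urlencode($form_code), ENT_QUOTES, 'UTF-8'); ?>' method='POST'>
    Enter New Password<br><input type='password' name='newpassword'/><br>
    Confirm Your Password<br><input type='password' name='newpassword1'/><p>
    <input type='hidden' name='email' value='<?php echo htmlspecialchars($form_email, ENT_QUOTES, 'UTF-8'); ?>'/>
    <input type='submit' value='Update Password'/></p>
</form>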

     

